19 matches found

RedhatCVE
added yesterday · 4 views

CVE-2026-46356

Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances...

7.5 CVSS · 5.5 AI score · 0.00083 EPSS
Exploits 0 · References 1

Snyk
added 2026/05/26 10:48 p.m. · 4 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation: Upgrade github.com/fleetdm/fleet/server/mock to...

8.2 CVSS · 5.8 AI score · 0.00011 EPSS
Exploits 0 · References 3

CVE
added 2026/05/14 7:3 p.m. · 11 views

CVE-2026-46356

Fleet (open-source device management) before v4.80.1 is vulnerable: an IP extraction flaw lets unauthenticated attackers bypass per-IP rate limits by rotating headers like True-Client-IP, X-Real-IP, or X-Forwarded-For, enabling brute-force or credential stuffing on exposed instances. Root cause: ...

7.5 CVSS · 5.8 AI score · 0.00083 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2026/04/08 7:25 p.m. · 1 views

CVE-2026-27806

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the...

7.8 CVSS · 0.00008 EPSS
Exploits 0 · References 1

EUVD
added 2026/03/31 2:14 p.m. · 1 views

EUVD-2026-17459

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials access key or vended credentials temporary access key are accessible to users that have write privilege on SQL level. This issue has been patch...

7.7 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 2

NVD
added 2026/03/27 7:16 p.m. · 0 views

CVE-2026-26060

Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the...

8.8 CVSS · 0.00022 EPSS
Exploits 0 · References 1

Cvelist
added 2025/12/31 2:18 p.m. · 21 views

CVE-2025-62108 WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability

Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Add Custom Codes: from n/a through <= 4.80...

5.4 CVSS · 0.00043 EPSS
Exploits 0 · References 1

NVD
added 2025/12/31 2:15 p.m. · 3 views

CVE-2025-62149

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Stored XSS. This issue affects Add Custom Codes: from n/a through <= 4.80...

5.9 CVSS · 0.00007 EPSS
Exploits 0 · References 1

Patchstack
added 2025/12/31 1:17 p.m. · 4 views

WordPress Add Custom Codes plugin <= 4.80 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Certus Cybersecurity in WordPress Plugin Add Custom Codes versions <= 4.80...

5.9 CVSS · 5.9 AI score · 0.00007 EPSS
Exploits 0 · Affected Software 1

CNNVD
added 2025/12/31 12:0 a.m. · 2 views

WordPress plugin Add Custom Codes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

5.4 CVSS · 6.6 AI score · 0.00043 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/12/31 12:0 a.m. · 2 views

PT-2025-54322

Name of the Vulnerable Software and Affected Versions: SaifuMak Add Custom Codes versions through 4.80 Description: A flaw exists in SaifuMak Add Custom Codes that allows for Stored Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. Successfu...

5.9 CVSS · 5.8 AI score · 0.00007 EPSS
Exploits 0 · References 3

NVD
added 2025/12/09 4:18 p.m. · 1 views

CVE-2025-62739

Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: from n/a through <= 4.80...

6.5 CVSS · 0.00015 EPSS
Exploits 0 · References 1

CVE
added 2025/12/09 2:52 p.m. · 8 views

CVE-2025-62739

CVE-2025-62739 concerns the WordPress plugin “Add Custom Codes” (add-custom-codes) version

6.5 CVSS · 6.5 AI score · 0.00015 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/12/09 2:52 p.m. · 2 views

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: from n/a through <= 4.80...

6.5 CVSS · 6.4 AI score · 0.00015 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/20 8:3 a.m. · 8 views

CVE-2025-30975 WordPress Add Custom Codes <= 4.80 - Arbitrary Code Execution vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection. This issue affects Add Custom Codes: from n/a through <= 4.80...

7.5 CVSS · 0.00071 EPSS
Exploits 0 · References 1

CNNVD
added 2025/08/20 12:0 a.m. · 2 views

WordPress plugin Add Custom Codes code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

7.5 CVSS · 7 AI score · 0.00071 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/01/17 12:0 a.m. · 2 views

PT-2023-18391 · M-Filter · M-Filter

Name of the Vulnerable Software and Affected Versions: m-FILTER versions prior to 5.70R01 Ver.5 Series m-FILTER versions prior to 4.87R04 Ver.4 Series Description: The issue allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when email is being sent...

5.3 CVSS · 5.6 AI score · 0.00492 EPSS
Exploits 0 · References 4

CNVD
added 2020/06/01 12:0 a.m. · 1 views

snyk-broker information disclosure vulnerability (CNVD-2020-53548)

snyk-broker is a proxy program for access between snyk.io and Git repositories. An information disclosure vulnerability exists in snyk-broker versions prior to 4.80.0. An attacker can exploit this vulnerability by creating symbolic links matching whitelisted paths to read arbitrary files on the...

6.5 CVSS · 6.3 AI score · 0.00393 EPSS
Exploits 0 · References 1

CNVD
added 2018/11/29 12:0 a.m. · 2 views

ZyXEL NSA325 V2 Cross-Site Request Forgery Vulnerability

The ZyXEL NSA325 V2 is a network storage device from Hopkins ZyXEL Technology. A security vulnerability exists in the web application of the ZyXEL NSA325 V2 version 4.81. The vulnerability can be exploited by an attacker to perform a state change operation using a specially crafted HTTP form...

8.8 CVSS · 6.9 AI score · 0.01814 EPSS
Exploits 1 · References 1